Canon, a major player in imaging and optical technology, recently confirmed it was targeted during the widespread hacking campaign against the Oracle E-Business Suite (EBS). Following an investigation, the company disclosed that the incident’s impact was contained, specifically affecting only a web server belonging to a subsidiary of Canon U.S.A., Inc. Canon stated that it had swiftly implemented security measures, allowing services to be resumed, and is continuing its investigation to confirm no other systems were compromised. At present, there has been no public release or leak of any Canon data, unlike the alleged terabytes of files stolen from other victims of this campaign.
This incident follows a previous attack on the company in 2020, in which Canon was hit by a ransomware operation that resulted in the theft of employee information from its internal systems. The current Oracle EBS campaign has impacted numerous organizations globally. For instance, Cox Enterprises confirmed a compromise affecting the personal data of approximately 9,500 individuals, while Mazda also acknowledged being targeted but reported finding no evidence of data leakage from its systems.
The scope of the campaign is substantial, with more than 100 organizations named as alleged victims on the Cl0p ransomware website. Nearly half of these organizations are significant companies operating in critical sectors such as IT and telecoms, heavy industry, healthcare, retail, automotive, and energy. While the UK’s National Health Service (NHS) is currently investigating potential breaches, it has not yet confirmed a data compromise, and other large corporations, including Michelin, Broadcom, and Bechtel, have also yet to publicly confirm if their data was breached.
Although the Cl0p group has taken public credit for the listing of alleged victims, the technical consensus suggests that the attacks are likely driven by an unknown cluster of a threat actor known as FIN11. This group has a history of conducting similarly focused campaigns against other widely used enterprise software platforms, suggesting a pattern of targeting critical business infrastructure.
While the listing of an organization on the Cl0p site usually indicates some level of compromise, the actual extent and severity of the data breach may be exaggerated by the threat actors for malicious purposes. Companies are actively working to assess the full impact, which underscores the ongoing risk associated with widely used enterprise applications and the sophisticated nature of contemporary cyber-threats.